package com.shinvent.servlet;

import java.io.IOException;
import java.io.PrintWriter;
import java.security.Key;

import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import sun.misc.BASE64Encoder;

import com.shinvent.common.Logger;
import com.shinvent.dao.BaseDao;
import com.shinvent.dao.T_INVENTORYDao;
import com.shinvent.dao.T_USERDao;
import com.shinvent.security.AES;
import com.sun.org.apache.xml.internal.security.utils.Base64;

public class Search extends HttpServlet {
	private static final long serialVersionUID = 1L;
       
    public Search() {
        super();
    }

	protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
		response.setContentType("text/xml");
	    PrintWriter out = response.getWriter();
	    T_INVENTORYDao itemDao = null;
	    T_USERDao userDao = null;
	    
	    try{
	    	String name = request.getParameter("name");
	    	String localorder = request.getParameter("localorder");
	    	String month = request.getParameter("month");
	    	String year = request.getParameter("year");
	    	String user = request.getParameter("u");
	    	String status = request.getParameter("status");
	    	String vendor = request.getParameter("vendor");
	    	String sql = "";
	    	itemDao = new T_INVENTORYDao();
	    	
	    	if(name!=null && !name.equals("")){
	    		sql += "ITEM_NAME LIKE '%" + name + "%'";
	    	}
	    	
	    	if(localorder!=null && !localorder.equals("")){
	    		if(sql.length() > 0){
	    			sql += " AND LOCAL_ORDER_ID LIKE '%" + localorder + "%'";
	    		}else{
	    			sql += "LOCAL_ORDER_ID LIKE '%" + localorder + "%'";
	    		}
	    	}
	    	
	    	if(month!=null && !month.equals("")){
	    		if(sql.length() > 0){
	    			sql += " AND MONTH_ID = " + month;
	    		}else{
	    			sql += "MONTH_ID = " + month;
	    		}
	    	}
	    	
	    	if(year!=null && !year.equals("")){
	    		if(sql.length() > 0){
	    			sql += " AND YEAR_ID = " + year;
	    		}else{
	    			sql += "YEAR_ID = " + year;
	    		}
	    	}
	    	
	    	if(status!=null && !status.equals("")){
	    		if(sql.length() > 0){
	    			sql += " AND STATUS_ID = " + status;
	    		}else{
	    			sql += "STATUS_ID = " + status;
	    		}
	    	}
	    	
	    	if(vendor!=null && !vendor.equals("")){
	    		if(sql.length() > 0){
	    			sql += " AND VENDOR_ID = " + vendor;
	    		}else{
	    			sql += "VENDOR_ID = " + vendor;
	    		}
	    	}
	    	
	    	if(sql.length() > 0){
	    		itemDao.query(sql, "ORDER_ID LIMIT 100");
	    	}else{
	    		itemDao.query(null, "ORDER_ID LIMIT 100");
	    	}
	    	
	    	String xml = "";
	    	out.println("<?xml version=\"1.0\"?>");
	    	xml += ("<ITEMS>");
	    	
	    	while(itemDao.gotoNext()){
	    		xml += ("<ITEM>");
	    		xml += ("<ORDER_ID>");
	    		xml += (itemDao.getString("ORDER_ID"));
	    		xml += ("</ORDER_ID>");
	    		xml += ("<LOCAL_ORDER_ID>");
	    		xml += (itemDao.getString("LOCAL_ORDER_ID"));
	    		xml += ("</LOCAL_ORDER_ID>");
	    		xml += ("<ITEM_NAME>");
	    		xml += (itemDao.getString("ITEM_NAME"));
	    		xml += ("</ITEM_NAME>");
	    		xml += ("<VENDOR_ID>");
	    		xml += (itemDao.getString("VENDOR_ID"));
	    		xml += ("</VENDOR_ID>");
	    		xml += ("<PRICE>");
	    		xml += (itemDao.getString("PRICE"));
	    		xml += ("</PRICE>");
	    		xml += ("<MONTH>");
	    		xml += (itemDao.getString("MONTH_ID"));
	    		xml += ("</MONTH>");
	    		xml += ("<YEAR>");
	    		xml += (itemDao.getString("YEAR_ID"));
	    		xml += ("</YEAR>");
	    		xml += ("<STATUS>");
	    		xml += (itemDao.getString("STATUS_ID"));
	    		xml += ("</STATUS>");
	    		xml += ("</ITEM>");
	    	}
	    	
	    	xml += ("</ITEMS>");
	    	
//	    	BASE64Encoder enc = new BASE64Encoder();
//	    	xml = enc.encode(xml.getBytes());
	    	
	    	String result = "";
	    	userDao = new T_USERDao();
	    	userDao.query("USERNAME = '" + user + "'");
	    	if(userDao.gotoNext()){
	    		AES aes = new AES();
				result = aes.encrypt(userDao.getString("SID"), xml);   	
	    	}
	    	release(userDao);
	    	
	    	out.println(result);
	    	release(itemDao);
	    
	    }catch(Exception e){
	    	e.printStackTrace();
	    	Logger.logError(e);
	    }finally{
	    	release(itemDao);
	    }
	    
	}


	protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
		// TODO Auto-generated method stub
	}
	
	private void release(BaseDao dao){
		try{
			dao.close();
		}catch(Exception e){
			e.printStackTrace();
		}
	}
	

}
